Critical PNG Vulnerabilities Discovered in libpng Library

Severity: High (Score: 67.5)

Sources: Cybersecuritynews, Gbhackers

Summary

Security researchers have identified two high-severity vulnerabilities in libpng, the reference library used for processing PNG image files. These vulnerabilities allow remote attackers to trigger process crashes and leak sensitive heap memory, potentially leading to arbitrary code execution. The flaws arise from the processing of specially crafted PNG images, affecting any software that parses malformed images. The vulnerabilities are classified as critical due to their potential for exploitation in various applications. Affected systems include any software utilizing libpng for image processing. The vulnerabilities have been assigned CVE identifiers, although specific CVEs were not mentioned in the articles. As of now, security advisories are expected to be released to address these issues. Users and organizations are urged to monitor for updates and apply patches as they become available. Key Points: • Two high-severity vulnerabilities found in libpng library. • Attackers can exploit these flaws to trigger crashes and leak sensitive data. • All software that processes PNG images is potentially affected.

Key Entities

• Data Breach (attack_type)
• T1203 - Exploitation for Client Execution (mitre_attack)
• Libpng (platform)
• Portable Network Graphics (platform)